Monday, October 19, 2009

Report of an Inquiry by the All Party Parliamentary Communications Group

Report of an Inquiry by the All Party Parliamentary Communications Group, Can We Keep Our Hands of the Net is now available and gives lots of food for thought. They come out categorically against a 3 strikes regime in paragraph 59 on page 12, for example.

"Question 1: “Bad Traffic”

12. The first of our questions was:
Can we distinguish circumstances when ISPs should be forced to act to deal
with some type of bad traffic? When should we insist that ISPs should not be
forced into dealing with a problem, and that the solution must be found
elsewhere?

Botnets, spam and denial of service
13. When we formulated this question, we had in mind the type of issue that the Foundation
for Information Policy Research (FIPR) was concerned about. They argued that:
In the case of bad incoming traffic, such as spam, the markets have shown that they
can cope; most ISPs now offer spam filtering. The interesting market failure occurs
with bad outgoing traffic. For example, when end-user PCs are compromised and
used to send spam or distribute malware, medium-sized ISPs often take the trouble to
identify them and clean them up, as an ISP that emits a lot of spam can find its
peering relationships at risk. But large ISPs are under no such pressure, and thus
ignore infected machines; dealing with customers costs money. This failure will not
be fixed by technology, and will require regulatory action.
14. FIPR suggested that there should be either a regime of statutory fines, or a privateaction
alternative in the form of a statutory scale of damages – similar to the scheme
introduced by the EU to enable passengers whose flights are cancelled or overbooked to
get compensation. FIPR drew our attention to “Security Economics and European
Policy” a report they had written for the European Network and Information Security
Agency (ENISA) which set out this approach at greater length...

Mere Conduit
22. Andrew Cormack also drew attention to another type of disincentive for ISPs to
examine traffic:It has been suggested that a hosting provider that attempts to detect infringing
material of any kind immediately acquires liability for all infringing material that
may be on their service, on the grounds that they have demonstrated some intent and
ability to edit and select content and are therefore no longer merely a hosting
provider but an editor. For providers that wish to remove inappropriate material
from their own services, but are aware that checking can never guarantee to detect
all problems, this potential liability can be a significant deterrent. We therefore
consider that the law needs to be clarified to ensure that a hosting service that detects
problems on its own service is in the same position as (or at least no worse than) a
service that waits to receive notice of the problems from others. Such a change would
encourage quicker removal of some types of inappropriate content...

27. But to return to the general point that Andrew Cormack was making. The way in which
the “mere conduit” immunity is phrased, is that it is lost if the ISP “selects” or
“modifies” the information within a transmission. This was clearly intended to
distinguish between an organisation who generated traffic (who would not be immune
from action over what they generated), and those who just supplied the communication
pipes to carry the traffic (who would not be liable for carrying material they knew
nothing about).
28. However, this phrasing means that communication pipe suppliers who are attempting to
clean up traffic will lose their “mere conduit” immunity. Of course, this may not
immediately open up an ISP to legal action, since they may have other immunities they
can rely upon – but in such circumstances, the eCommerce Directive will not be of
assistance to them...

Illegal sharing of copyrighted material
30. Other “rightsholders”, the bodies representing the publishing, music and film industries,
had a rather different view of the extent to which “mere conduit” conferred immunity.
The Alliance Against IP Theft said:The Committee, in its introduction to the inquiry, has suggested that ISPs have
“almost no legal liability for the traffic that passes across their networks”. We do
not believe that is strictly true with regards to copyright infringement. While ISPs
may point to the E-Commerce Directive, stating they are a “mere conduit”, rights
holders do not believe this defence is absolute. In addition, the Copyright Directive
allows copyright owners to seek injunctions, requiring ISPs to stop illegal activity on
their networks.
31. A typical view was that expressed by the British Recorded Music Industry (BPI):
“Bad traffic” could arguably be used to describe the ubiquitous daily online
copyright infringement committed by peer to peer users, for two reasons.
First, it is a straightforward breach of the law for a person to upload (i.e. make
available) copyright material without the authorisation of the rightsholders.
Committing a strict liability offence in this way should not simply be ignored. […]
Secondly, the economic impact of this form of “bad traffic” on the creative sector is
highly damaging. Copyright infringement online leads directly to a loss of revenue to
the rightsholders, seriously threatening their viability as businesses, and impacting
on employment in the sector.
32. The rightsholders had a number of explanations as to why the ISPs were not prepared to
deal with what they saw as bad traffic. The Motion Picture Association told us:One explanation for the current unwillingness of ISPs to cooperate could be a fear of
a competitive disadvantage flowing from actions to discourage “bad traffic”. This
argues for some degree of government intervention to ensure a level playing field,
perhaps in the form of a government-sanctioned enforceable Code of Practice
establishing a minimum standard of responsible behaviour.
33. The ISPs generally felt that asking them to act as a proxy for the rightsholders was
inappropriate. For example, T-Mobile told us:It is unclear why T-Mobile should be expected or forced to bear the costs of
protecting a third-party’s rights.
34. TalkTalk drew our attention to other difficulties which occurred when ISPs got involved
in trying to prevent unlawful file sharing:For instance, the current approach to identifying illegal filesharers is unreliable in
correctly identifying the perpetrator with the consequence that innocent parties are
sometimes identified. It is also easy for individuals illegally filesharing to avoid
detection by encrypting their traffic or hijacking someone else’s IP address or using
their wi-fi network. Similarly, site blocking is relatively simple to get around.
35. There were also concerns expressed about whether identifying people who accessed the
Internet via the mobile telephone networks would be possible at all. T-Mobile explained
that the way in which the mobile industry allocated IP addresses to customers caused
particular problems:Whilst technical options are often viewed as a panacea the Group should be aware
that there are serious practical reasons why the measures proposed in the Digital
Britain interim report that work for fixed ISPs will not readily apply in a mobile
environment. In particular mobile operators cannot identify individual rights
infringers from public IP addresses alone with sufficient degree of confidence to
support taking action against customers.
36. TalkTalk went on to ask (and a great many other respondents made similar points about
new business models) if there were better policy options:In many cases there will be other possible approaches to addressing the problem.
For instance, in the case of illegal filesharing, education, alternative business models
and limited court action make go a long way to addressing the issue. Any
consideration of whether an ISP should act must also consider what alternatives exist
and whether these would be more appropriate.In principle, we see that there may be circumstances where it is appropriate for ISPs
to act [...] However, given the potential issues with other approaches, it is critical to
scrutinise and assess any potential initiative against these criteria.
37. Some people suggested that one way to approach file sharing was to ensure that people
paid appropriately for network usage, or – as the rightsholders have proposed – have
their traffic artificially slowed down if they use the Internet too “much”. As a policy
option, this will of course be more attractive to the film industry (where file sizes are
very large) rather than publishing, or the music industry, where files are relatively tiny...

Conclusions regarding Question 1

[...]

53. We agree with the view that was put to us that the current legal protections relating to
“hosting” and “mere conduit” are capable of having a counterproductive effect, in that
they may discourage some proactive approaches by ISPs.
54. We recognise that tidying up this area risks overlaying significant complexity over some
very simple principles. Nevertheless, we recommend that the Government revise the
law to enable ISPs to take proactive steps to detect and remove inappropriate
content from their services, without completely losing important legal immunities
which fit with their third party role in hosting and distributing content. ...

58. We conclude that much of the problem with illegal sharing of copyrighted material
has been caused by the rightsholders, and the music industry in particular, being
far too slow in getting their act together and making popular legal alternatives
available.

59. We do not believe that disconnecting end users is in the slightest bit consistent with
policies that attempt to promote eGovernment, and we recommend that this
approach to dealing with illegal file-sharing should not be further considered.

60. We think that it is inappropriate to make policy choices in the UK when policy
options are still to be agreed by the EU Commission and EU Parliament in their
negotiations over the “Telecoms Package”. We recommend that the Government
terminate their current policy-making process, and restart it with a new
consultation once the EU has made its decisions."